Tampering. Information
in transit is changed or replaced and then sent on to the recipient. For example,
someone could alter an order for goods or change a person’s resume.

This threat includes unauthorized modification of data or configuration
information. If your directory cannot detect tampering, an attacker might
alter a client’s request to the server. The attacker might also cancel
the request or change the server’s response to the client. The Secure
Socket Layer (SSL) protocol and similar technologies can solve this problem
by signing information at either end of the connection.

Impersonation. Information
passes to a person who poses as the intended recipient.

Impersonation can take two forms, spoofing and misrepresentation.

Spoofing. A person or computer
impersonates someone else. For example, a person can pretend to have the
mail address jdoe@example.com, or a computer can identify
itself as a site called www.example.com when it is not.

Misrepresentation. A person
or organization misrepresents itself. For example, suppose the site www.example.com pretends to be a furniture store when it is really just a site
that takes credit-card payments but never sends any goods.

Denial of service. An attacker
uses the system resources to prevent these resources from being used by legitimate
users.

In a denial of service attack, the attacker’s goal
is to prevent the directory from providing service to its clients. Directory Server Enterprise Edition provides
a way of preventing denial of service attacks by setting limits on the resources
that are allocated to a particular bind DN.